Skip to content

src/newusers.c: A user/group name with a leading digit is valid #1475

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
alejandro-colomar wants to merge 1 commit into
base: master
Choose a base branch
from
Open

src/newusers.c: A user/group name with a leading digit is valid #1475

alejandro-colomar wants to merge 1 commit into from
+4 −3

Conversation

@alejandro-colomar
Copy link
Collaborator

@alejandro-colomar alejandro-colomar commented Jan 3, 2026
edited
Loading

Only consider a string to be a UID/GID if it is all digits.

Closes: #1474

Revisions:

v1b
  • Add reproducer to commit message.
$ git rd 
1:  f26af1fee ! 1:  497cbf1fe src/newusers.c: A user/group name with a leading digit is valid
    @@ Commit message
     
         Only consider a string to be a UID/GID if it is all digits.
     
    +    Here's a reproducer of the bug:
    +
    +            $ echo 'foo:p::1a::/tmp/nonexistent:/usr/bin/false' > x
    +            $ sudo newusers ./x
    +            newusers: invalid group ID '1a'
    +            newusers: line 1: can't create group
    +
    +    Where the expected behavior would be the same as for a group name that
    +    doesn't start with a digit:
    +
    +            $ echo 'foo:p::a1a::/tmp/nonexistent:/usr/bin/false' > x
    +            $ sudo newusers ./x
    +            $ tail -n1 /etc/group
    +            a1a:x:1004:
    +            $ tail -n1 /etc/passwd
    +            foo:x:1004:1004::/tmp/nonexistent:/usr/bin/false
    +
         Closes: <https://github.com/shadow-maint/shadow/issues/1474>
         Signed-off-by: Alejandro Colomar <alx@kernel.org>

@alejandro-colomar alejandro-colomar self-assigned this Jan 3, 2026
@alejandro-colomar alejandro-colomar marked this pull request as ready for review January 3, 2026 23:49
@alejandro-colomar
src/newusers.c: A user/group name with a leading digit is valid
497cbf1 
Only consider a string to be a UID/GID if it is all digits.

Here's a reproducer of the bug:

	$ echo 'foo:p::1a::/tmp/nonexistent:/usr/bin/false' > x
	$ sudo newusers ./x
	newusers: invalid group ID '1a'
	newusers: line 1: can't create group

Where the expected behavior would be the same as for a group name that
doesn't start with a digit:

	$ echo 'foo:p::a1a::/tmp/nonexistent:/usr/bin/false' > x
	$ sudo newusers ./x
	$ tail -n1 /etc/group
	a1a:x:1004:
	$ tail -n1 /etc/passwd
	foo:x:1004:1004::/tmp/nonexistent:/usr/bin/false

Closes: <shadow-maint#1474>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hallyn hallyn Awaiting requested review from hallyn

@ikerexxe ikerexxe Awaiting requested review from ikerexxe

At least 1 approving review is required to merge this pull request.

Assignees

@alejandro-colomar alejandro-colomar

Labels

bug

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Incorrect use of isdigit(3) where strisdigit() is wanted

1 participant

@alejandro-colomar